Too Smart to be scammed? Maybe not...

National Scam Awareness Week ran during August and it is a reflection of the need to be vigilant at all times when dealing with information and funds. While “Too Smart to be Scammed” was the tag-line for the campaign, more and more we are seeing sophisticated methods of deceiving people and I would say, no-one is too smart NOT to be scammed.

We are contacted regularly by clients who have fallen victim to a new scam. More alarming is that the scam may not originate in your organisation – your suppliers’ systems are exposed also, so if you do not have strict controls and protocols in place, your staff may be tricked into helping the thieves achieve their goals.

As we have advised before, every day your business will receive “scam” communications via emails, phone calls and even written requests all for the same goal – to obtain funds, goods or services by deception. Some attempts will be obvious fakes but unfortunately, some will be very convincing.

Recently a Travel Agent’s supplier was hacked and their system infiltrated by malware that allowed their emails to be monitored. When an invoice was sent direct to a passenger, the bank account for payment had been altered. The passenger then, in good faith, made payment to the bogus bank account and the money for the trip was gone forever.

Whilst most companies have a strict payment process in place, in this case, the consultant thought they were helping the passenger meet a deadline but the result was devastating.

It may come as a surprise to many that Professional Indemnity Insurance does not cover these losses and in most cases, neither does the Crime Section of other policies. Risk prevention is the best solution in these circumstances.

For National Scams Awareness Week, the Scamwatch website published many interesting examples, along with a challenge to see if you can spot the signs. One of them relates to a business email compromise scam:

You’re at work and you’re about to log off for the week. Just before you do, you receive an email from your CEO about an urgent payment. Your first thought is to action his instructions immediately, but then you realise he’s asked you to do something somewhat different from your usual process. You carefully consider the email again and realise it’s a scam.

What are three signs that this email is a scam?

The answers are:

You can't confirm who it's from. Scammers often use email addresses that are similar to a real email address. Check that the sender's email address is the real one. Look carefully — the letter 'i' in 'services' is actually a different character. These kinds of differences might be really hard to spot.

It has a sense of urgency. Scammers try to create a sense of urgency to encourage you to do something quickly without thinking it through or checking that it’s genuine. Don’t rush — take the time to consider and check whether an email is real.

Some things have changed. Business email compromise scammers will try to divert payments to their own bank accounts. Always verify changes to payment details directly with the recipient, using known and trusted contact details. Don’t deviate from your organisation’s payment procedure, which may include going through a finance, accounting or payment team, even if the request appears to come from your CEO or senior manager.

We would highly recommend you have a look at this challenge and the other examples at Scamwatch.gov.au.
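The first sign above, a sender address in which one letter has been swapped for a look-alike character, can also be checked mechanically. The following is an added example, not part of the Scamwatch challenge or of our own systems: the trusted domain is constructed and the table of look-alike characters is a small, partial assumption that would need extending for real use.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: domains the organisation really deals with.
TRUSTED_DOMAINS = {"example-services.com.au"}

# Partial, illustrative table of look-alike characters (assumption).
CONFUSABLES = {"\u0456": "i", "\u0131": "i", "\u03b9": "i",
               "\u0430": "a", "\u0435": "e", "\u043e": "o"}


def skeleton(domain):
    """Fold look-alike characters and strip accents from a domain."""
    folded = "".join(CONFUSABLES.get(ch, ch) for ch in domain.lower())
    decomposed = unicodedata.normalize("NFKD", folded)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def edit_distance(a, b):
    """Levenshtein distance, used to catch plain-ASCII swaps such as l for i."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header):
    """Return (verdict, detail) for the domain in a From: header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    # Name every non-ASCII character so a reviewer can see what was swapped.
    odd = [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in domain if ord(c) > 127]
    folded = skeleton(domain)
    for good in TRUSTED_DOMAINS:
        if folded == good:
            return "lookalike", f"imitates {good}; non-ASCII: {odd}"
        if edit_distance(folded, good) == 1:
            return "near-miss", f"one character away from {good}"
    return "unknown", domain
```

A "lookalike" or "near-miss" verdict is a reason to hold the payment and confirm through known contact details; a "trusted" verdict only means the domain matches, not that the mailbox has not been compromised.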

Best Practice for your business

Now more than ever it is important to ensure you and your staff are taking appropriate action. Besides having in place a quality Cyber & Privacy Protection Insurance Policy, you need to ensure your organisation regularly informs all of your staff what to watch out for. Some examples include:

Be wary of unsolicited phone calls. People can claim they are from your bank or other well-known organisations and can be very convincing. Do not give out information that the organisation calling you should already know. Fraudsters will often say there is a problem with your account and ask you to transfer money. They can even ask you to call a number you know while keeping the phone line open, so that when you call back you are still speaking to them.

Always be very careful with your customers' personal details and how this information is used or whom it is provided to.

Unsolicited emails may direct you to a link containing a virus – just one accidental click can bring an entire network down. Remind your staff that under no circumstances should these emails be opened, and if it does happen, it should be reported IMMEDIATELY. The sooner your IT firm is advised, the sooner the damage can be halted.

All portable equipment (laptops, smartphones, iPads and the like) should be password protected/encrypted to protect sensitive information. When these items are lost, it is not only the property that has gone – the unsecured information could be much more costly.

What you need to do

Ensure you have protocols that are followed by all staff at all times

Should an attack happen, act immediately and contact your IT Provider (if funds are involved also contact your bank IMMEDIATELY)

Be certain that you have a comprehensive Cyber & Privacy Protection Insurance Policy in place – if an attack happens, your Broker will be able to put you in contact with specialist firms that can assist you through the incident.

It is important to always make Cybersecurity a priority – the stakes are too high to ignore this ever-evolving threat.

If you would like further information or an obligation free Insurance quote, please contact Rebecca Fleming, Manager of our Travel Division at Gow-Gates Insurance Brokers on (02) 8267 9919 or rfleming@gowgates.com.au to discuss your circumstances or to obtain a quotation.

General Advice Warning – the information in the above article is intended as a guide only and should not be relied upon without consulting your relevant insurance policy wording and conditions or conversely seeking professional advice from either your insurance broker or insurer regarding a claim or potential loss. Failure to adhere to this warning could result in a denial of a claim or potential loss or a reduction in settlement of a claim or potential loss